Multiauthority Ciphertext Policy-Attribute-Based Encryption: Comparison
Please note this is a comparison between Version 2 by Rita Xu and Version 1 by Shanshan Tu.

Fog computing works by utilizing the network edge while still making it possible to interact with the cloud. Nevertheless, these features expose fog computing to several security challenges. Securing end users and/or fog servers is a significant dilemma in implementing fog computing. Internet of Things (IoT) devices in the fog-computing environment are constrained by the computational power of their resources, so an attacker can easily attack them. Traditional methods like attribute-based encryption (ABE) techniques are inappropriate for resource-constrained devices, which have protracted computing times and limited computational capabilities. In this regard, researchers investigate a multiauthority ciphertext policy-attribute-based encryption (MA-CP-ABE) method that enables multiauthority attribute revocation and computation outsourcing.

  • fog computing
  • ciphertext policy
  • attribute-based encryption

1. Introduction

Fog computing is a promising computational framework that extends cloud computing to the network’s edge for a smooth interconnection between cloud computing and resource-constrained devices [1,2,3,4]. The primary benefit of fog computing is that it delivers robust processing and storage capabilities to resource-constrained devices while being closer to end devices [5]. Regardless of these advantages, the security concerns of fog computing have yet to be resolved [6]. These include data protection and access control for devices with limited resources [7]. Resource-constrained devices are more susceptible and unreliable because fog nodes sit at the edge of the network and are inexpensive compared to cloud servers.
The novel proposed solution to these issues is to encrypt the information before uploading it to the fog node. To this end, attribute-based encryption (ABE) offers a one-to-many cryptographic approach [8]. Traditional ABE is an encryption process that depends on multiple attributes of the private and public keys [9]. However, the scheme is inappropriate for end devices due to limited computational resources, complex management and high computational times [10,11,12]. Nevertheless, the encryptor need not know the end user’s precise details and only needs to embed the attributes into the ciphertext. End users can decrypt information only if their attributes match the access structure. The procedure enforces access control on encrypted data by relating secret keys and ciphertexts through access policies and assigned attributes.
In this regard, ciphertext policy-attribute-based encryption (CP-ABE) allows data owners to establish the access policy over the end-user attributes required to decrypt the ciphertext. For instance, ciphertext validity can be ensured by public verification, and valid ciphertexts must be stored or transmitted. In the primitive process, end users in the fog receive private keys generated by multiple authorities whose geographical locations or functions may differ. Another cryptographic primitive, known as server-aided revocable bilateral ABE, can be used to build secure and lightweight bilateral access control systems. It simultaneously provides fine-grained access control over data users and data owners, outsourced data source identification, server-aided user revocation and data decryption with exponentiation computation. Moreover, CP-ABE can verify the outsourcing of encryption and decryption to any untrusted encryption and decryption service provider. This allows encryption and decryption processes to be outsourced, using modular exponentiation, to a single untrusted server that generates the transformation keys.
The existing CP-ABE-based solutions, however, primarily concentrate on how end users can manage secured data access. Few works have considered the access-control requirements of fog nodes for resource-constrained devices. However, the many instances of end-user equipment accessing the network make end-user management extremely difficult. Also, the encryption and decryption operations of CP-ABE require several exponentiations, the number of which is directly related to the number of attributes. This poses a fundamental problem for end users who access and change data on resource-constrained devices with limited storage capacity and computation.
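The rule stated above, that a user can decrypt only when their attributes match the access structure, is commonly realised by secret-sharing a value down a policy tree. The following is an added example, not code from this entry or the cited papers; it shows only that access-structure layer (no pairings and no per-user key randomisation, so no collusion resistance), and the policy, attribute names and field modulus are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this example

# Constructed policy: (k, children) means "any k of the children";
# k == len(children) is AND, k == 1 is OR. Leaves are attribute names,
# prefixed here with a hypothetical issuing authority.
POLICY = (1, [
    (2, ["hospital:doctor", "hospital:cardiology"]),
    (2, ["hospital:nurse", "ward:icu", "insurer:auditor"]),
])

def share(secret, node):
    """Split `secret` down the policy tree with Shamir sharing per gate."""
    if isinstance(node, str):
        return (node, secret)            # leaf: share bound to one attribute
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def poly(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(poly(x), child) for x, child in enumerate(children, 1)])

def recover(shared, attrs):
    """Return the secret if `attrs` satisfies the policy, else None."""
    if isinstance(shared[0], str):
        attr, value = shared
        return value if attr in attrs else None
    k, kids = shared
    pts = [(x, v) for x, kid in enumerate(kids, 1)
           if (v := recover(kid, attrs)) is not None][:k]
    if len(pts) < k:
        return None                      # gate not satisfied
    total = 0
    for xi, yi in pts:                   # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def leaf_count(node):
    """Number of attribute leaves, i.e. shares the encryptor must produce."""
    return 1 if isinstance(node, str) else sum(leaf_count(c) for c in node[1])

if __name__ == "__main__":
    s = secrets.randbelow(P)
    tree = share(s, POLICY)
    print(recover(tree, {"hospital:doctor", "hospital:cardiology"}) == s)
    print(recover(tree, {"hospital:doctor", "ward:icu"}))
    print(leaf_count(POLICY))
```

One share is produced per attribute leaf, so the encryptor's work grows with the number of attributes in the policy, which is the cost the paragraph above attributes to CP-ABE on constrained devices.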

2. Attribute-Based Encryption (ABE)

The authors of [13] developed the key-policy attribute-based encryption (KP-ABE) method. In the KP-ABE method, the ciphertext is presented in terms of the set of attributes and secret keys. The authors of [14] presented an ABE method concerning the location of access control. They formulated the problem of attacks on secret keys that impede the applications of KP-ABE. The technique was further investigated in [15] to improve ABE’s efficiency by exploiting overlooked facts, i.e., the hierarchical links among the attributes in access control. The authors of [16] investigated attribute-based broadcast encryption (ABBE). They aimed to construct an efficient, constant-private-key ciphertext-policy ABBE scheme with fast decryption. In [17], the authors considered a key-exchange protocol based on CP-ABE to establish authentic and confidential communications. Furthermore, the authors of [18] proposed a fully policy-hidden CP-ABE scheme constructed on the linear secret-sharing-scheme access structure and prime-order groups for public cloud data sharing. In [19], an extended file hierarchy CP-ABE scheme is proposed to encrypt multiple files on the same access level. The authors provide secure and flexible access control for users in cloud storage. The authors of [20] proposed an ABE scheme with adaptive security for cloud-assisted IoT. They achieved access control, revocability and adaptive security under formal-decision linear assumptions. Finally, the authors of [21] proposed CP-ABE with arithmetic span programs to reduce the unnecessary cost of defining the access policy. The proposed scheme prevents a revoked user from accessing both newly generated data and old data that was previously accessible. However, the reported results are limited to fog servers, and no security is achieved for resource-constrained devices. Moreover, the authors of the works above did not address the multiauthority and attribute-revocation problems.

3. Multiauthority Attribute-Based Encryption (MA-ABE)

In [22], the authors proposed CP-ABE without a central entity to disseminate the keys to end users. In [23], the authors proposed MA-ABE, which delivered a fine-grained access-control policy over the encrypted data to achieve data privacy. The authors aimed to solve the revocation of attributes to improve the end user’s appropriate access in a timely and efficient manner. The authors of [24] suggested an MA-ABE access-control approach that allows an infinite attribute universe while providing an effective decryption outsourcing strategy. In [25], the authors proposed Chase’s scheme to allow encryptors to determine the number of attributes required for each ciphertext from related attribute authorities. The authors of [26] worked on a secure MA-ABE scheme to minimize the computation and storage burden on resource-limited devices in cloud systems. In addition, the authors of [27] proposed a robust generic MA-ABE management system to overcome the challenges of cloud storage services. They used the digital identity of the users to prevent collusion between system users. Finally, the authors of [28] proposed MA-ABE to allow the authorization process to be performed only once, even over policies from multiple authorities, and they improved the scalability. Although the above schemes are essential to implement, they failed to achieve the proposed techniques’ effectiveness and practicality. Additionally, the above procedures did not consider the combined effect of multiauthority, attribute revocation and outsourcing in ABE. Moreover, these works did not consider simultaneously implementing encryption, decryption outsourcing or attribute revocation. In addition, most of these works do not generally address the attribute that permits the key distribution of a particular number of attributes.

4. Attribute-Revocation Attribute-Based Encryption (AR-ABE)

The ABE approaches focused on implementing abundant access strategies and neglected attribute revocation in the encryption mechanism [29]. For example, the authors of [30] introduced the re-encryption method into attribute revocation. The proposed scheme deals with data outsourcing and enforces authorization policies and policy updates. The authors of [31] suggested the notion of access-control policies and end-user revocation capabilities. In this case, the system produces the group keys for the revocation list. The authors of [32] provided MR-ABE, which utilizes the attribute-group key under certain error assumptions to solve the attribute revocation and granting problems. However, due to the high computational overhead, the system is inappropriate for resource-constrained devices. The authors of [33] proposed collision avoidance CP-ABE and attribute revocation for cloud storage. Finally, the authors of [28] considered security requirements for an AR-ABE to prove confidentiality and integrity. An outsourcing architecture in the above schemes may lead to attribute and end-user revocation problems. In addition, the proposed solutions mentioned above are unsuitable for fog computing and resource-constrained devices due to their high computational complexity. Moreover, the techniques lack information about data outsourcing for resource-constrained devices and about the multiauthority approach.

5. Outsourced Attribute-Based Encryption (O-ABE)

Based on outsourcing, the authors of [34] introduced a privacy-protection strategy for O-ABE that enables mobile devices to outsource encryption and decryption procedures without leaking information to cloud service providers. The authors of [35] proposed a generic construction of chosen-plaintext attack (CPA) and replayable chosen-ciphertext attack (RCCA) ABE systems to verify the outsourced decryption. However, the authors only considered the outsourcing mechanism for decryption operations and ignored encryption operations. A CCA mechanism is also proposed in [36] for ABE with outsourced decryption operations. Nevertheless, the authors did not consider outsourcing encryption operations in CCA. The method is not practical for resource-constrained devices in fog computing. With fog computing in view, the authors of [37] proposed CP-ABE-based access control to support outsourcing and attribute revocation. In another article [38], the authors proposed outsourcing cryptography to fog nodes for resource-constrained devices. The authors of [39] proposed fine-grained access control, encryption, outsourced decryption, user revocation and ciphertext verification. They used a revocation mechanism utilizing the chameleon hash function for the IoMT ecosystem. Furthermore, the authors of [40] proposed a forward secure public key searchable encryption (FS-PKSE) scheme in which a cloud server cannot learn any information about an encrypted data file that contains keywords.

References

  1. Li, J.; Jin, J.; Yuan, D.; Zhang, H. Virtual fog: A virtualization enabled fog computing framework for Internet of Things. IEEE Internet Things J. 2017, 5, 121–131.
  2. Mukherjee, M.; Shu, L.; Wang, D. Survey of fog computing: Fundamental, network applications, and research challenges. IEEE Commun. Surv. Tutor. 2018, 20, 1826–1857.
  3. Ahmed, M.; Li, Y.; Waqas, M.; Sheraz, M.; Jin, D.; Han, Z. A survey on socially aware device-to-device communications. IEEE Commun. Surv. Tutor. 2018, 20, 2169–2197.
  4. Wani, A.; Khaliq, R. SDN-based intrusion detection system for IoT using deep learning classifier (IDSIoT-SDL). CAAI Trans. Intell. Technol. 2021, 6, 281–290.
  5. Tu, S.; Waqas, M.; Rehman, S.U.; Aamir, M.; Rehman, O.U.; Jianbiao, Z.; Chang, C.C. Security in fog computing: A novel technique to tackle an impersonation attack. IEEE Access 2018, 6, 74993–75001.
  6. Chen, Z. Research on internet security situation awareness prediction technology based on improved RBF neural network algorithm. J. Comput. Cogn. Eng. 2022, 1, 103–108.
  7. Das, S.; Namasudra, S. Multiauthority CP-ABE-based Access Control Model for IoT-enabled Healthcare Infrastructure. IEEE Trans. Ind. Inform. 2022, 19, 821–829.
  8. Xie, Y.; Wen, H.; Wu, B.; Jiang, Y.; Meng, J. A Modified Hierarchical Attribute-Based Encryption Access Control Method for Mobile Cloud Computing. IEEE Trans. Cloud Comput. 2019, 7, 383–391.
  9. Moffat, S.; Hammoudeh, M.; Hegarty, R. A Survey on Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Approaches to Data Security on Mobile Devices and its Application to IoT. In Proceedings of the International Conference on Future Networks and Distributed Systems (ICFNDS’17), Cambridge, UK, 19–20 July 2017.
  10. Waqas, M.; Ahmed, M.; Li, Y.; Jin, D.; Chen, S. Social-aware secret key generation for secure device-to-device communication via trusted and non-trusted relays. IEEE Trans. Wirel. Commun. 2018, 17, 3918–3930.
  11. Haus, M.; Waqas, M.; Ding, A.Y.; Li, Y.; Tarkoma, S.; Ott, J. Security and privacy in device-to-device (D2D) communication: A review. IEEE Commun. Surv. Tutor. 2017, 19, 1054–1079.
  12. Yan, K.; Chen, X.; Zhou, X.; Yan, Z.; Ma, J. Physical Model Informed Fault Detection and Diagnosis of Air Handling Units Based on Transformer Generative Adversarial Network. IEEE Trans. Ind. Inform. 2022, 19, 2192–2199.
  13. Goyal, V.; Pandey, O.; Sahai, A.; Waters, B. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 30 October–3 November 2006; pp. 89–98.
  14. Yu, S.; Ren, K.; Lou, W.; Li, J. Defending against key abuse attacks in KP-ABE enabled broadcast systems. In Proceedings of the International Conference on Security and Privacy in Communication Systems, Washington, DC, USA, 21–23 October 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 311–329.
  15. Li, J.; Wang, Q.; Wang, C.; Ren, K. Enhancing attribute-based encryption with attribute hierarchy. Mob. Netw. Appl. 2011, 16, 553–561.
  16. Canard, S.; Phan, D.H.; Trinh, V.C. Attribute-based broadcast encryption scheme for lightweight devices. IET Inf. Secur. 2017, 12, 52–59.
  17. Alrawais, A.; Alhothaily, A.; Hu, C.; Xing, X.; Cheng, X. An attribute-based encryption scheme to secure fog communications. IEEE Access 2017, 5, 9131–9138.
  18. Zhang, Z.; Zhang, J.; Yuan, Y.; Li, Z. An expressive fully policy-hidden ciphertext policy attribute-based encryption scheme with credible verification based on blockchain. IEEE Internet Things J. 2021, 9, 8681–8692.
  19. Li, J.; Chen, N.; Zhang, Y. Extended file hierarchy access control scheme with attribute-based encryption in cloud computing. IEEE Trans. Emerg. Top. Comput. 2019, 9, 983–993.
  20. Xiong, H.; Huang, X.; Yang, M.; Wang, L.; Yu, S. Unbounded and efficient revocable attribute-based encryption with adaptive security for cloud-assisted internet of things. IEEE Internet Things J. 2021, 9, 3097–3111.
  21. Huang, X.; Xiong, H.; Chen, J.; Yang, M. Efficient revocable storage attribute-based encryption with arithmetic span programs in cloud-assisted internet of things. IEEE Trans. Cloud Comput. 2023, 11, 1273–1285.
  22. Rouselakis, Y.; Waters, B. Efficient statically-secure large-universe multi-authority attribute-based encryption. In Proceedings of the International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico, 26–30 January 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 315–332.
  23. Liu, Z.; Jiang, Z.L.; Wang, X.; Yiu, S.M. Practical attribute-based encryption: Outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput. Appl. 2018, 108, 112–123.
  24. Li, Q.; Zhu, H. Multi-authority attribute-based access control scheme in mhealth cloud with unbounded attribute universe and decryption outsourcing. In Proceedings of the 2017 9th International Conference on Wireless Communications and Signal Processing (WCSP), Nanjing, China, 11–13 October 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 1–7.
  25. Li, K.; Ma, H. Outsourcing Decryption of Multi-Authority ABE Ciphertexts. Int. J. Netw. Secur. 2014, 16, 286–294.
  26. Miao, Y.; Deng, R.H.; Liu, X.; Choo, K.K.R.; Wu, H.; Li, H. Multi-authority attribute-based keyword search over encrypted cloud data. IEEE Trans. Dependable Secur. Comput. 2019, 18, 1667–1680.
  27. Ibrahim, I.M.; Mostafa, M.G.; El-Din, S.H.N.; Elgohary, R.; Faheem, H. A robust generic multi-authority attributes management system for cloud storage services. IEEE Trans. Cloud Comput. 2018, 9, 435–446.
  28. Xu, L.; Sun, S.; Yuan, X.; Liu, J.K.; Zuo, C.; Xu, C. Enabling authorized encrypted search for multi-authority medical databases. IEEE Trans. Emerg. Top. Comput. 2019, 9, 534–546.
  29. Tu, S.; Huang, Y.; Magurawalage, C.M.S.; Peng, L.; Zhou, Z. Access control system based cloudlet and ABE on mobile cloud. J. Internet Technol. 2016, 17, 1443–1451.
  30. Yu, S.; Wang, C.; Ren, K.; Lou, W. Attribute based data sharing with attribute revocation. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 13–16 April 2010; ACM: New York, NY, USA, 2010; pp. 261–270.
  31. Hur, J.; Noh, D.K. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst. 2010, 22, 1214–1221.
  32. Wang, S.; Zhang, X.; Zhang, Y. Efficient revocable and grantable attribute-based encryption from lattices with fine-grained access control. IET Inf. Secur. 2018, 12, 141–149.
  33. Li, J.; Yao, W.; Han, J.; Zhang, Y.; Shen, J. User Collusion Avoidance CP-ABE with Efficient Attribute Revocation for Cloud Storage. IEEE Syst. J. 2018, 12, 1767–1777.
  34. Zhou, Z.; Huang, D. Efficient and secure data storage operations for mobile cloud computing. In Proceedings of the 2012 8th International Conference on Network and Service Management, Las Vegas, NV, USA, 22–26 October 2012; IEEE: Piscataway, NJ, USA, 2012; pp. 37–45.
  35. Mao, X.; Lai, J.; Mei, Q.; Chen, K.; Weng, J. Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Dependable Secur. Comput. 2015, 13, 533–546.
  36. Zuo, C.; Shao, J.; Wei, G.; Xie, M.; Ji, M. CCA-secure ABE with outsourced decryption for fog computing. Future Gener. Comput. Syst. 2018, 78, 730–738.
  37. Zhang, P.; Chen, Z.; Liu, J.K.; Liang, K.; Liu, H. An efficient access control scheme with outsourcing capability and attribute update for fog computing. Future Gener. Comput. Syst. 2018, 78, 753–762.
  38. Huang, Q.; Yang, Y.; Wang, L. Secure Data Access Control With Ciphertext Update and Computation Outsourcing in Fog Computing for Internet of Things. IEEE Access 2017, 5, 12941–12950.
  39. Guo, R.; Yang, G.; Shi, H.; Zhang, Y.; Zheng, D. O3-R-CP-ABE: An efficient and revocable attribute-based encryption scheme in the cloud-assisted IoMT system. IEEE Internet Things J. 2021, 8, 8949–8963.
  40. Zeng, M.; Qian, H.; Chen, J.; Zhang, K. Forward secure public key encryption with keyword search for outsourced cloud storage. IEEE Trans. Cloud Comput. 2019, 10, 426–438.